The CFTC’s First-Ever Fintech Arrangement with a Foreign Regulator is Out—An Overview and Analysis

The CFTC has just unveiled an ambitious effort to coordinate fintech information-sharing with the UK’s Financial Conduct Authority. It’s quite a step—the first of its kind for any U.S. agency with a non US entity. The agreement (a full transcript of the accord is here) is intended to deepen collaboration, and creates a mechanism for information sharing relating to “referrals, and learning from proofs of concept, trials, or innovation competitions that will enable the Authorities to share information on FinTech and RegTech and to refer Innovator Businesses to each other.”

Behind the legalese, the terms of the agreement are really quite simple. Innovation Labs (or “Innovation Functions”) from respective countries will be empowered to present domestic firms to one another for regulatory consideration as well as streamline the process whereby such firms can acquire information about a foreign regulator’s rules and expectations. As such, they reflect the fact that the agreements are not only regulatory in nature, but also reflect some interest in improving market access for firms.

I’ve just reviewed it, and I have a few initial observations:

First, fintech is cross border, and enhanced cross border coordination and information sharing will be necessary (beyond market access issues) for authorities in order to get even their domestic regulatory approaches right–and the CFTC clearly recognizes this. As such, it is ahead of the curve of a number of peer agencies.

Second, it’s important to not overstate just what this is. Like many “soft law” arrangements, this “Cooperation Agreement” is not a legally binding treaty, but instead a framework to support deeper coordination. Some reports have speculated that it would constitute the initiation of some kind of mutual recognition agreement, but I would suspect that that would be a long way off, if ever—especially with regards to mission critical infrastructure supporting derivatives regulation.

Third, the full operationalization of a bilateral accord of this nature will likely require more than just the CFTC’s input and assistance. Precisely because products may be classified differently across borders means that fast-tracking will often require the CFTC to additionally coordinate with other authorities, including the SEC and banking regulators. The CFTC has an “Innovation Function” designed for this kind of market, and now international, fintech coordination. Many other agencies (ahem, SEC) do not.

Fourth, I’m conflicted a bit about Paragraph 25. Ultimately, domestic firms can prevent their home regulator from sharing any information about the firm under the program, and presumably any related testing and regulatory considerations about it. Of course, it obviously makes sense where firms are legitimately concerned about the safety or security of their intellectual property. The accord is, however, bound by a confidentiality arrangement. Furthermore, it seems self-defeating since a regulator, when presented with a company that refuses to disclose potentially material information relating to its risk to consumers or the market, will likely be encouraged to apply even stricter scrutiny to the firm if its intentions involve operating abroad.

Finally, agreements like this should probably seek in the future to contain some kind of enforcement cooperation component, and not just incorporate others by reference. Fintech attracts not only innovators, but also fraudsters, hackers, and increasingly, evildoers seeking to undermine US (and UK) national security. And where there are illegal acts, the evidence, witnesses and other relevant information for enforcing financial rules will, given the nature of fintech, not infrequently be located or housed in far-flung locales and data infrastructures, from the cloud to crypto-exchanges. An early recognition of this challenge is healthy, I think, and could be useful for deepening future transatlantic collaboration.